migration: release branch created

Makefile

@@ -271,6 +271,13 @@ namespacesynctests:
 	$(GOTEST) -v -mod=vendor $(PACKAGE_PATH_AKO)/tests/namespacesynctests -failfast -timeout 0 \
 	-coverprofile cover-9.out -coverpkg=./... > namespacesynctests.log 2>&1 && echo "namespacesynctests passed") || (echo "namespacesynctests failed" && cat namespacesynctests.log && exit 1)
 
+.PHONY: misc 
+temp:
+	@> misc.log
+	(sudo docker run \
+	-w=/go/src/$(PACKAGE_PATH_AKO) \
+	-v $(PWD):/go/src/$(PACKAGE_PATH_AKO) $(GO_IMG_TEST) \
+	$(GOTEST) -v -mod=vendor $(PACKAGE_PATH_AKO)/tests/temp -failfast > misc.log 2>&1 && echo "misc passed") || (echo "misc failed" && cat misc.log && exit 1)
 
 .PHONY: npltests 
 npltests:
@@ -332,8 +339,15 @@ infratests:
 	(sudo docker run \
 	-w=/go/src/$(PACKAGE_PATH_AKO) \
 	-v $(PWD):/go/src/$(PACKAGE_PATH_AKO) $(GO_IMG_TEST) \
-	$(GOTEST) -v -mod=vendor $(PACKAGE_PATH_AKO)/tests/infratests -failfast -timeout 0 \
-	-coverprofile cover-16.out -coverpkg=./... > infratests.log 2>&1 && echo "infratests passed") || (echo "infratests failed" && cat infratests.log && exit 1)
+	$(GOTEST) -v -mod=vendor $(PACKAGE_PATH_AKO)/tests/infratests -failfast -timeout 0 > infratests.log 2>&1 && echo "infratests passed") || (echo "infratests failed" && cat infratests.log && exit 1)
+
+# .PHONY: multiclusteringresstests
+# multiclusteringresstests:
+#   sudo docker run \
+#   -w=/go/src/$(PACKAGE_PATH_AKO) \
+#   -v $(PWD):/go/src/$(PACKAGE_PATH_AKO) $(BUILD_GO_IMG) \
+#   $(GOTEST) -v -mod=vendor $(PACKAGE_PATH_AKO)/tests/multiclusteringresstests -failfast -coverprofile cover-16.out -coverpkg=./...
+
 
 .PHONY: hatests
 hatests:
@@ -491,24 +505,6 @@ avi_rbac_tests:
 	$(GOTEST) -v -mod=vendor $(PACKAGE_PATH_AKO)/internal/lib -run "Test.*" -failfast -timeout 0 \
 	-coverprofile cover-30.out -coverpkg=./... > avi_rbac_tests.log 2>&1 && echo "avi_rbac_tests passed") || (echo "avi_rbac_tests failed" && cat avi_rbac_tests.log && exit 1)
 
-.PHONY: misc 
-misc:
-	@> misc.log
-	(sudo docker run \
-	-w=/go/src/$(PACKAGE_PATH_AKO) \
-	-v $(PWD):/go/src/$(PACKAGE_PATH_AKO) $(GO_IMG_TEST) \
-	$(GOTEST) -v -mod=vendor $(PACKAGE_PATH_AKO)/tests/miscellaneous -failfast -timeout 0 \
-	-coverprofile cover-31.out -coverpkg=./... > misc.log 2>&1 && echo "misc passed") || (echo "misc failed" && cat misc.log && exit 1)
-
-.PHONY: multiclusteringresstests
-multiclusteringresstests:
-	@> multiclusteringresstests.log
-	(sudo docker run \
-	-w=/go/src/$(PACKAGE_PATH_AKO) \
-	-v $(PWD):/go/src/$(PACKAGE_PATH_AKO) $(GO_IMG_TEST) \
-	$(GOTEST) -v -mod=vendor $(PACKAGE_PATH_AKO)/tests/multiclusteringresstests -failfast -coverprofile cover-32.out \
-	-coverpkg=./... > multiclusteringresstests.log 2>&1 && echo "multiclusteringresstests passed") || (echo "multiclusteringresstests failed" && cat multiclusteringresstests.log && exit 1)
-
 .PHONY: vks_tests
 vks_tests:
 	@> vks_tests.log

ako-crd-operator/go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.23.3
 	github.com/onsi/gomega v1.37.0
 	github.com/stretchr/testify v1.10.0
-	github.com/vmware/alb-sdk v0.0.0-20250407104238-8f88209a8f1a
+	github.com/vmware/alb-sdk v0.0.0-20251031103126-465797fb76a0
 	github.com/vmware/load-balancer-and-ingress-services-for-kubernetes v0.1.0
 	k8s.io/api v0.33.1
 	k8s.io/apimachinery v0.33.1

ako-crd-operator/go.sum

@@ -447,8 +447,8 @@ github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijb
 github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=
 github.com/vmware-tanzu/service-apis v0.0.0-20200901171416-461d35e58618 h1:ZLkxMxSr/YrYENjUJ8g6uB4rUQpZKBR3Olqf2DvuMFk=
 github.com/vmware-tanzu/service-apis v0.0.0-20200901171416-461d35e58618/go.mod h1:afqpDk9He9v+/qWix0RRotm3RNyni4Lmc1y9geDCPuo=
-github.com/vmware/alb-sdk v0.0.0-20250407104238-8f88209a8f1a h1:LwflvQ8MSQ5X1Zh8sD5NF8XE1OU7xjr00USw+GQjykk=
-github.com/vmware/alb-sdk v0.0.0-20250407104238-8f88209a8f1a/go.mod h1:fuRb4saDY/xy/UMeMvyKYmcplNknEL9ysaqYSw7reNE=
+github.com/vmware/alb-sdk v0.0.0-20251031103126-465797fb76a0 h1:Ooc6UVcgHnHeOX4F1pvy5tZg+N5d7KEJT75NWlHHbbk=
+github.com/vmware/alb-sdk v0.0.0-20251031103126-465797fb76a0/go.mod h1:fuRb4saDY/xy/UMeMvyKYmcplNknEL9ysaqYSw7reNE=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xiang90/probing v0.0.0-20160813154853-07dd2e8dfe18/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=

ako-crd-operator/vendor/modules.txt

@@ -206,7 +206,7 @@ github.com/stretchr/testify/assert/yaml
 # github.com/vmware-tanzu/service-apis v0.0.0-20200901171416-461d35e58618
 ## explicit; go 1.13
 github.com/vmware-tanzu/service-apis/apis/v1alpha1pre1
-# github.com/vmware/alb-sdk v0.0.0-20250407104238-8f88209a8f1a
+# github.com/vmware/alb-sdk v0.0.0-20251031103126-465797fb76a0
 ## explicit; go 1.16
 github.com/vmware/alb-sdk/go/clients
 github.com/vmware/alb-sdk/go/models

ako-gateway-api/nodes/gateway_model_rel.go

@@ -824,6 +824,12 @@ func validateReferredHTTPRoute(key, name, namespace string, allowedRoutesAll boo
 				if parentRef.Namespace != nil {
 					namespace = string(*parentRef.Namespace)
 				}
+				gwNSName := fmt.Sprintf("%s/%s", namespace, string(gwName))
+				gwProcessedByRoute := akogatewayapiobjects.GatewayApiLister().IsGatewayProcessedByRoute(routeTypeNsName, gwNSName)
+				if !gwProcessedByRoute {
+					utils.AviLog.Warnf("key: %s, msg: Gateway %s is not processed by HTTPRoute: %s/%s", key, gwNSName, httpRoute.Namespace, httpRoute.Name)
+					continue
+				}
 				gateway, err := akogatewayapilib.AKOControlConfig().GatewayApiInformers().GatewayInformer.Lister().Gateways(namespace).Get(string(gwName))
 				if err != nil {
 					utils.AviLog.Errorf("key: %s, msg: unable to get the gateway object %s . err: %s", key, gwName, err)
@@ -834,7 +840,9 @@ func validateReferredHTTPRoute(key, name, namespace string, allowedRoutesAll boo
 				if !isAKOCtrl {
 					utils.AviLog.Warnf("key: %s, msg: controller for the parent reference %s of HTTPRoute object %s is not ako", key, name, httpRoute.Name)
 				} else {
-					httpRouteStatus.Parents = append(httpRouteStatus.Parents, httpRouteStatusInCache.Parents[indexInCache])
+					if len(httpRouteStatusInCache.Parents) > indexInCache {
+						httpRouteStatus.Parents = append(httpRouteStatus.Parents, httpRouteStatusInCache.Parents[indexInCache])
+					}
 				}
 			}
 		}
@@ -855,7 +863,7 @@ func validateReferredHTTPRoute(key, name, namespace string, allowedRoutesAll boo
 		httpRouteToGatewayOperation(httpRoute, key, name, namespace)
 		routeTypeNsNameList, found := HTTPRouteChanges(httpRoute.Namespace, httpRoute.Name, key)
 		if !found {
-			utils.AviLog.Warnf("key: %s, msg: got error while getting HTTPRoute changes: %v", key, err)
+			utils.AviLog.Warnf("key: %s, msg: got error while getting HTTPRoute changes", key)
 			continue
 		}
 		routes = append(routes, routeTypeNsNameList...)

ako-gateway-api/objects/gateway_store.go

@@ -327,6 +327,14 @@ func (g *GWLister) GetRouteToRouteStatusMapping(routeTypeNamespaceName string) *
 
 //=====All route <-> gateway mappings go here.
 
+func (g *GWLister) IsGatewayProcessedByRoute(routeTypeNsName, gwNSName string) bool {
+	found, gwList := g.GetRouteToGateway(routeTypeNsName)
+	if !found || !utils.HasElem(gwList, gwNSName) {
+		return false // can use found
+	}
+	return true
+}
+
 func (g *GWLister) GetRouteToGateway(routeTypeNsName string) (bool, []string) {
 	g.gwLock.RLock()
 	defer g.gwLock.RUnlock()

ako-infra/avirest/netinfo_handler.go

@@ -38,6 +38,12 @@ import (
 	"github.com/vmware/load-balancer-and-ingress-services-for-kubernetes/pkg/utils"
 )
 
+// These RBAC rules are needed for NSX T1 integration
+
+// +kubebuilder:rbac:groups=nsx.vmware.com,resources=namespacenetworkinfos;namespacenetworkinfos/status,verbs=get;list;watch
+// +kubebuilder:rbac:groups=nsx.vmware.com,resources=clusternetworkinfos;clusternetworkinfos/status,verbs=get;list;watch
+// +kubebuilder:rbac:groups=topology.tanzu.vmware.com,resources=availabilityzones,verbs=get;list;watch
+
 type T1LRNetworking struct {
 }
 

ako-infra/ingestion/vks_cluster_watcher_test.go

@@ -137,6 +137,10 @@ func setupVKSTest(t *testing.T, clusterName, namespaceName, cniRefName string) *
 			os.Setenv("VCF_CLUSTER", oldVCFCluster)
 		}
 	})
+
+	// Set VPC_MODE environment variable to enable VPC-specific dynamic informers (ClusterInformer)
+	os.Setenv("VPC_MODE", "true")
+
 	// Create namespace with required VKS annotations
 	namespace := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{

ako-infra/proxy/management_service_controller.go

@@ -427,7 +427,9 @@ func getClusterConfigValues() (string, string, error) {
 }
 
 func (c *ManagementServiceController) CreateManagementServiceGrant(namespace string) error {
-	grantName := fmt.Sprintf("%s-%s", namespace, VKSManagementServiceGrant)
+	// Use fixed grant name - vCenter API is namespace-scoped via URL path
+	// (/api/vcenter/namespaces/{namespace}/management-services/access-grants/{grantName})
+	grantName := VKSManagementServiceGrant
 	existingGrant, err := c.GetManagementServiceGrant(namespace)
 	if err == nil {
 		if c.validateManagementServiceGrantConfig(existingGrant) {
@@ -469,7 +471,7 @@ func (c *ManagementServiceController) CreateManagementServiceGrant(namespace str
 }
 
 func (c *ManagementServiceController) GetManagementServiceGrant(namespace string) (map[string]interface{}, error) {
-	grantName := fmt.Sprintf("%s-%s", namespace, VKSManagementServiceGrant)
+	grantName := VKSManagementServiceGrant
 
 	dynamicClient := lib.GetDynamicClientSet()
 	if dynamicClient == nil {
@@ -512,7 +514,7 @@ func (c *ManagementServiceController) validateManagementServiceGrantConfig(grant
 }
 
 func (c *ManagementServiceController) DeleteManagementServiceGrant(namespace string) error {
-	grantName := fmt.Sprintf("%s-%s", namespace, VKSManagementServiceGrant)
+	grantName := VKSManagementServiceGrant
 	aviClient := avirest.VKSAviClientInstance()
 
 	payload := map[string]interface{}{

ako-infra/webhook/vks_cluster_webhook.go

@@ -14,9 +14,13 @@
 
 package webhook
 
+// These RBAC rules are needed for NSX VPC integration
+
+// +kubebuilder:rbac:groups=crd.nsx.vmware.com,resources=vpcnetworkconfigurations,verbs=get;list;watch
+// +kubebuilder:rbac:groups=ako.vmware.com,resources=l4rules;l4rules/status,verbs=get;list;watch;update;patch
 // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusters,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups=cert-manager.io,resources=certificates;issuers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=cert-manager.io,resources=certificates;issuers,verbs=get;list;watch;create;update;patch;delete,namespace=true
 // +kubebuilder:rbac:groups=addons.kubernetes.vmware.com,resources=addoninstalls,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=iaas.vmware.com,resources=capabilities,verbs=get;list;watch
 // +kubebuilder:rbac:groups=run.tanzu.vmware.com,resources=clusterbootstraps,verbs=get;list;watch

ako-operator/go.mod

@@ -1,8 +1,6 @@
 module github.com/vmware/load-balancer-and-ingress-services-for-kubernetes/ako-operator
 
-go 1.24.0
-
-toolchain go1.24.3
+go 1.24.6
 
 require (
 	github.com/go-logr/logr v1.4.3
@@ -64,7 +62,7 @@ require (
 	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
 	github.com/vmware-tanzu/service-apis v0.0.0-20200901171416-461d35e58618 // indirect
-	github.com/vmware/alb-sdk v0.0.0-20250407104238-8f88209a8f1a // indirect
+	github.com/vmware/alb-sdk v0.0.0-20251031103126-465797fb76a0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect

ako-operator/go.sum

@@ -474,8 +474,8 @@ github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijb
 github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=
 github.com/vmware-tanzu/service-apis v0.0.0-20200901171416-461d35e58618 h1:ZLkxMxSr/YrYENjUJ8g6uB4rUQpZKBR3Olqf2DvuMFk=
 github.com/vmware-tanzu/service-apis v0.0.0-20200901171416-461d35e58618/go.mod h1:afqpDk9He9v+/qWix0RRotm3RNyni4Lmc1y9geDCPuo=
-github.com/vmware/alb-sdk v0.0.0-20250407104238-8f88209a8f1a h1:LwflvQ8MSQ5X1Zh8sD5NF8XE1OU7xjr00USw+GQjykk=
-github.com/vmware/alb-sdk v0.0.0-20250407104238-8f88209a8f1a/go.mod h1:fuRb4saDY/xy/UMeMvyKYmcplNknEL9ysaqYSw7reNE=
+github.com/vmware/alb-sdk v0.0.0-20251031103126-465797fb76a0 h1:Ooc6UVcgHnHeOX4F1pvy5tZg+N5d7KEJT75NWlHHbbk=
+github.com/vmware/alb-sdk v0.0.0-20251031103126-465797fb76a0/go.mod h1:fuRb4saDY/xy/UMeMvyKYmcplNknEL9ysaqYSw7reNE=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xiang90/probing v0.0.0-20160813154853-07dd2e8dfe18/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=